This uncertainty was expected to be resolved by a preliminary ruling from the Court of Justice of the European Union (CJEU), following a question referred by Poland's Supreme Administrative Court (NSA). However, the NSA's judgment from September 3, 2024, raises new questions about where an employer's duty of care in monitoring employees' actions begins and ends.
False invoices – a dispute over liability
The debate over this issue has been ongoing for some time. In May 2022, the NSA referred a question to the CJEU for a preliminary ruling. In January 2023, the CJEU responded, stating that "in a situation where an employee of a VAT taxpayer issued a false invoice showing VAT, using the taxpayer's identity without their knowledge or consent, the employee should be considered the party showing VAT under Article 203, unless the taxpayer failed to exercise the reasonable due diligence required to monitor the actions of said employee."
In other words, the taxpayer will not be liable for the VAT as long as they exercised due diligence in supervising their employees. Notably, the court emphasized that the due diligence must be "reasonably required." This raises a key question: where is the line drawn between failing to exercise due diligence and adhering to it in a "reasonably required" manner?
The Supreme Administrative Court Judgment
The Supreme Administrative Court (Polish: NSA) recognized a lack of clarity in this standard and addressed it in its September 3, 2024 judgment. The court ruled that an employer must exercise due diligence in supervising employees who issue VAT invoices. Otherwise, the employer may be held liable for VAT arising from those invoices
The case in question involved a company (a registered VAT taxpayer), where an employee had issued approximately 1,600 false invoices over several years. Over time, she also involved other colleagues in the fraudulent scheme, who benefited from it as well. According to the NSA, the company had failed to exercise due diligence, as it had not monitored the employee's computer, which was used to issue the invoices. The court emphasized that a taxpayer should establish a system to monitor the integrity of this process, either through internal controls, a specialized employee, or an external entity with expertise in this area. Therefore, it is crucial not to neglect the development and implementation of appropriate control procedures that could deter employees from engaging in fraudulent activities or at least help detect them sooner.
The fact that other employees eventually joined the scheme suggests they felt confident the oversight was inadequate, and the crime would go undetected. In its oral reasoning, the NSA further stressed that while a dishonest employee may always find an opportunity to commit fraud, a proper monitoring system can help prevent or expedite the discovery of such activities.
Moreover, the NSA compared the situation to home insurance, stating that neglecting proper oversight is like leaving the door open for a thief – in such a case, one cannot expect to claim compensation, as due diligence was not observed. However, if the house is adequately secured (i.e., due diligence was exercised), the insurance company has no reason to withhold compensation.
Although the NSA’s ruling has sparked debate, it highlights the importance of evaluating your company's system for monitoring employees who issue invoices. If the system lacks the measures and safeguards that the courts noted in this case, it may not provide the desired level of protection.